So, the following HAP confg worked, with lots of work in the shibboleth
land.
frontend http_front
bind :80
bind 0.0.0.0:443 ssl crt /etc/haproxy/crsplab2_1.pem crt
/etc/haproxy/ssl.d/ no-sslv3 no-tls-tickets
option httplog
rate-limit sessions 5
log global
log /dev/log local0
Thanks, Jarno! This is a good tip and it is similar to the one I have
posted last night. I am working on to get the SP entityID setup now ( in
the shib backend ) -- after it gets set up then I can try a few new things
( including your suggestion ).
--imam
On Mon, Oct 29, 2018 at 2:09 AM Jarno
Hi,
Can you describe how you would like this (haproxy -> apache+shib -> jupyter?)
setup ? (Perhaps with some kind of diagram with desired urls / ips
etc).
>From what I understand you'd like to use public ip/url only on haproxy
and everything else on private ip's (accessed only from the haproxy
i found something here, might be of good interest, this might work. It
does have some similarities with what you have mentioned . I will try this
out.
https://docs.shib.ncsu.edu/docs/advanced/spscale.html
On Sun, Oct 28, 2018 at 9:21 PM Igor Cicimov
wrote:
> The DNS, point the DNS record for
"The DNS, point the DNS record for crsplabweb2.example.com to the public IP
of haproxy. "
I must be missing something, pardon me. If I did that, then where do I run
and validate shibboleth requests? As far as I know, for shibboleth to
work, i need to run 'shibd' , i need to establish an
The DNS, point the DNS record for crsplabweb2.example.com to the public IP
of haproxy.
On Mon, Oct 29, 2018 at 2:36 PM Imam Toufique wrote:
> " Well you need to point crsplabweb2.example.com to the haproxy IP that's
> the whole point of it running behind a proxy. Or am I missing something? "
>
" Well you need to point crsplabweb2.example.com to the haproxy IP that's
the whole point of it running behind a proxy. Or am I missing something? "
Well, I am not sure what you meant by that comment above.
On Sun, Oct 28, 2018 at 8:07 PM Igor Cicimov
wrote:
> Well you need to point
Well you need to point crsplabweb2.example.com to the haproxy IP that's the
whole point of it running behind a proxy. Or am I missing something?
On Mon, Oct 29, 2018 at 1:28 PM Imam Toufique wrote:
> Hi Igor,
>
> Thank you so much, I will definitely try your suggestions, but I am not
> sure how
Hi Igor,
Thank you so much, I will definitely try your suggestions, but I am not
sure how it will help my situation. shibboleth SP looks for, let's
suppose, https://crsplabweb2.example.com/Shibboleth.sso - for it it's
single sign-on. for apache or nginx to talk to the SP, SP needs to run in
the
Hi Imam,
On Sat, Oct 27, 2018 at 4:42 PM Imam Toufique wrote:
> Hi Igor,
>
> Thanks very much for offering to help! I will do this in sections,
> hopefully, I can keep this from being too cluttered.
>
> haproxy.cfg:
>
>
-
> *Von:* Imam Toufique
> *Gesendet:* 27. Oktober 2018 19:06:50 MESZ
> *An:* al-hapr...@none.at
> *CC:* Igor Cicimov , haproxy <
> haproxy@formilux.org>
> *Betreff:* Re: apache proxy pass rules in HAproxy
>
> Hi Aleks,
> Yes, I should
Hi.
Thanks for the infos. Have you also seen the other answers in the previous mail?
Regards
Aleks
Ursprüngliche Nachricht
Von: Imam Toufique
Gesendet: 27. Oktober 2018 19:06:50 MESZ
An: al-hapr...@none.at
CC: Igor Cicimov , haproxy
Betreff: Re: apache proxy pass rules
Hi Aleks,
Yes, I should have done last in my last email post. Sorry about that.
haproxy version:
[root@crsplabnet2 haproxy]# haproxy -vv
HA-Proxy version 1.8.14-52e4d43 2018/09/20
Copyright 2000-2018 Willy Tarreau
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
Hi Imam.
It would be helpfull to know your used versions:
haproxy -vv
apache httpd version
shibboleth version
A small workflow picture like:
Client -> haproxy -> apache httpd -> shibboleth ?
Am 27.10.2018 um 07:44 schrieb Imam Toufique:
> Hi Igor,
>
> Thanks very much for offering to help!
Hi Igor,
Thanks very much for offering to help! I will do this in sections,
hopefully, I can keep this from being too cluttered.
haproxy.cfg:
--
global
#log /dev/log local0 debug
#log /dev/log local1 debug
Hi Imam,
On Sat, Oct 27, 2018 at 9:37 AM Imam Toufique wrote:
> Hi,
>
> I came up with the following config, things seem to be working now, for
> the most part.
>
> frontend http_front
>bind :80
>bind 0.0.0.0:443 ssl crt /etc/haproxy/crsplab2_1.pem
>stats uri /haproxy?stats
>
Hi,
I came up with the following config, things seem to be working now, for the
most part.
frontend http_front
bind :80
bind 0.0.0.0:443 ssl crt /etc/haproxy/crsplab2_1.pem
stats uri /haproxy?stats
default_backend web1_cluster
option httplog
log global
#option dontlognull
On Thu, Oct 25, 2018 at 6:31 PM Igor Cicimov
wrote:
>
>
> On Thu, 25 Oct 2018 6:13 pm Imam Toufique wrote:
>
>> so I almost got this to work, based on the situation I am in. To
>> elaborate just a bit, my setup involves a shibboleth SP that I need to
>> authenticate my application. Since I
On Thu, 25 Oct 2018 6:13 pm Imam Toufique wrote:
> so I almost got this to work, based on the situation I am in. To
> elaborate just a bit, my setup involves a shibboleth SP that I need to
> authenticate my application. Since I can't set up the HA proxy node with
> shibboleth SP - I had to
so I almost got this to work, based on the situation I am in. To
elaborate just a bit, my setup involves a shibboleth SP that I need to
authenticate my application. Since I can't set up the HA proxy node with
shibboleth SP - I had to wrap my application in the backend with apache so
I can pass
Ok, I will give that a try. thanks.
On Tue, Oct 23, 2018 at 5:40 PM Igor Cicimov
wrote:
>
>
> On Wed, Oct 24, 2018 at 11:35 AM Imam Toufique
> wrote:
>
>> Not completely there yet, but I at least got the backend server login
>> screen to come up with the following:
>>
>> frontend
>> acl
On Wed, Oct 24, 2018 at 11:35 AM Imam Toufique wrote:
> Not completely there yet, but I at least got the backend server login
> screen to come up with the following:
>
> frontend
> acl host_web3 path_beg /jhub
> use_backend web3_cluster if host_web3
>
> backend
> backend web3_cluster
>mode
Not completely there yet, but I at least got the backend server login
screen to come up with the following:
frontend
acl host_web3 path_beg /jhub
use_backend web3_cluster if host_web3
backend
backend web3_cluster
mode http
#http-request set-header Host bk.dom.com
balance roundrobin #
Hi.
Am 23.10.2018 um 09:04 schrieb Imam Toufique:
> I am looking for some help on how to write the following apache proxypass
> rules
> in HAproxy. Not to mention I am at a bit of loss with my first try :-) .
> Here
> are my current proxypass rules:
>
> ProxyPass
I am looking for some help on how to write the following apache
proxypass rules in HAproxy. Not to mention I am at a bit of loss with my
first try :-) . Here are my current proxypass rules:
ProxyPass http://10.1.100.156:8000/jhub
ProxyPassReverse http://10.1.100.156:8000/jhub
25 matches
Mail list logo